Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Unauthorized use of application functions in WDA, SAP security note 1586741

Description

A malicious user can execute functions in Web Dynpro ABAP without authentication and authorization.

Available fix and Supported packages

  • SAP_BASIS | 702 | 702
  • SAP_BASIS | 730 | 730
  • SAP_BASIS | 800 | 802
  • SAP_BASIS 702 | SAPKB70209 |
  • SAP_BASIS 730 | SAPKB73004 |

Affected component

    BC-WD-ABA
    Web Dynpro ABAP

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1586741

TAGS

#Cross-site-request-forgery
#XSRF
#Web-Dynpro-ABAP

More to explorer